package com.kg.fiber.service.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	
	@Autowired
	private SecurityUserDetailsService securityUserDetailsService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    	http.headers().frameOptions().disable();
    	//http.headers().cacheControl().disable();
    	http.csrf().disable();
        http
            .authorizeRequests()
            	.antMatchers("/pages/**").permitAll()
            	.antMatchers("*.do").permitAll()
            	//.antMatchers("/boss/**").permitAll()
            	//.antMatchers("/channel/**").permitAll()
            	.antMatchers("/", "/index.html").authenticated()
            	.anyRequest().permitAll()
                .and()
//            .formLogin()
//                .and()
//            .logout()
//            	.logoutUrl("/logout")
//            	.logoutSuccessUrl("/")
//                .permitAll()
//                .deleteCookies("JSESSIONID")
//                .and()
//        	.requestMatchers()
//        		.requestMatchers(CorsUtils::isPreFlightRequest)
//        		.and()
            .httpBasic();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    	
    	auth.userDetailsService(securityUserDetailsService).passwordEncoder(SecurityConfig.encoder);
    	/*
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
                */
    }

}
